From 2e6f498d65d3564b089a34a7f6689c8bfa0e325d Mon Sep 17 00:00:00 2001
From: liningjie <liningjie@xfusion.com>
Date: Wed, 2 Aug 2023 11:22:51 +0800
Subject: [PATCH] fix CVE-2023-3817

---
 backport-CVE-2023-3817-testcase.patch | 37 +++++++++++++++++
 backport-CVE-2023-3817.patch          | 58 +++++++++++++++++++++++++++
 openssl.spec                          |  7 +++-
 3 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-3817-testcase.patch
 create mode 100644 backport-CVE-2023-3817.patch

diff --git a/backport-CVE-2023-3817-testcase.patch b/backport-CVE-2023-3817-testcase.patch
new file mode 100644
index 0000000..6b81c60
--- /dev/null
+++ b/backport-CVE-2023-3817-testcase.patch
@@ -0,0 +1,37 @@
+From 9b5fbc55b8893b6700d5a28f219425924afac26f Mon Sep 17 00:00:00 2001
+From: liningjie <liningjie@xfusion.com>
+Date: Fri, 28 Jul 2023 00:22:19 +0800
+Subject: [PATCH] dhtest.c: Add test of DH_check() with q = p + 1
+
+This must fail with DH_CHECK_INVALID_Q_VALUE and
+with DH_CHECK_Q_NOT_PRIME unset.
+---
+ test/dhtest.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/dhtest.c b/test/dhtest.c
+index 9d5609b..dcf5007 100644
+--- a/test/dhtest.c
++++ b/test/dhtest.c
+@@ -123,6 +123,18 @@ static int dh_test(void)
+     /* check whether the public key was calculated correctly */
+     TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+ 
++    if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
++        goto err3;
++
++    if (!TEST_true(DH_check(dh, &i)))
++        goto err3;
++    if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
++        || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
++        goto err3;
++
++    /* We'll have a stale error on the queue from the above test so clear it */
++    ERR_clear_error();
++
+     /*
+      * II) key generation
+      */
+-- 
+2.33.0
+
diff --git a/backport-CVE-2023-3817.patch b/backport-CVE-2023-3817.patch
new file mode 100644
index 0000000..eab7259
--- /dev/null
+++ b/backport-CVE-2023-3817.patch
@@ -0,0 +1,58 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH 1/2] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If  |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21551)
+---
+ crypto/dh/dh_check.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 2001d2e7cb..9ae96991eb 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
+ 
+ int DH_check(const DH *dh, int *ret)
+ {
+-    int ok = 0, r;
++    int ok = 0, r, q_good = 0;
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
+@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
+     if (t2 == NULL)
+         goto err;
+ 
+-    if (dh->q) {
++    if (dh->q != NULL) {
++        if (BN_ucmp(dh->p, dh->q) > 0)
++            q_good = 1;
++        else
++            *ret |= DH_CHECK_INVALID_Q_VALUE;
++    }
++
++    if (q_good) {
+         if (BN_cmp(dh->g, BN_value_one()) <= 0)
+             *ret |= DH_NOT_SUITABLE_GENERATOR;
+         else if (BN_cmp(dh->g, dh->p) >= 0)
+-- 
+2.41.0.windows.3
+
diff --git a/openssl.spec b/openssl.spec
index a6b45e0..db82c33 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1m
-Release:     6
+Release:     7
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -32,6 +32,8 @@ Patch21:     Feature-Support-TLCP-protocol.patch
 Patch22:     Feature-X509-command-supports-SM2-certificate-signing-with-default-sm2id.patch
 Patch23:     CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
 Patch24:     CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
+Patch25:     backport-CVE-2023-3817.patch
+Patch26:     backport-CVE-2023-3817-testcase.patch
 
 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
 Requires:    coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@@ -228,6 +230,9 @@ make test || :
 %ldconfig_scriptlets libs
 
 %changelog
+* Wed Aug 2 2023 liningjie <liningjie@xfusion.com> - 1:1.1.1m-7
+- fix CVE-2023-3817
+
 * Tue Jul 12 2022 wangcheng <wangcheng156@huawei.com> - 1:1.1.1m-6
 - fix CVE-2022-2097
 
-- 
Gitee